Meta 19

• Internal Paths/Files Leakage via Malformed Access Token on graph.meta.ai Jun 20, 2025
• IDOR - Unauthorized Meta Verified Waitlist Modification Apr 23, 2025
• Toggle Messaging Notification for Any Meta Horizon Account Jan 8, 2025
• Exposes Private Facebook/Workplace Videos for any user Mar 11, 2023
• Page Insight Can Add Questions to Pages Sep 19, 2022
• Business Suite (Paid Partnership) - Add Creator to Any Instagram Account Aug 15, 2022
• Mark Marketplace Item as Paid as a Buyer Nov 13, 2021
• Join Workplace Without Approval of Workplace Admin Aug 9, 2021
• Delete Any Ads Reporting Preview Shared with Others Jun 30, 2021
• Block Appointments Requests for Any Facebook Page Oct 11, 2020
• View Reports Ad Account for Any Business (Export via Report ID) Oct 17, 2019
• Bypass Pixel Role (Partner Business) Oct 17, 2019
• Business Partner Can Escalate Role on Block Lists Apr 30, 2019
• Takeover any wit.ai account Apr 19, 2019
• View Draft, Archived and Inactive Effects for Any Facebook or Instagram User Mar 12, 2019
• Delete Groups AR Studio Effect Mar 12, 2019
• Disclosing Private Group Members via Facebook Rooms Oct 12, 2018
• Disclose Page Admins via Facebook Appointments Oct 12, 2018
• View Pending Email of Any Oculus User via GraphQL May 22, 2018